Discord safe practices
Added 2021-12-21 04:31:49 +0000 UTC
One of the perks of being a Plus tier supporter is that members get a special Patreon role in the Tailor Tales Discord.
I have now seen at least three members with this role who have had their account compromised. A bot then proceeded to spam the Discord with a harmful link.
I really don't want my Patreons to fall for this, and it is especially hard to have to ban them, so let's keep up with some safety measures!
How to avoid scams on Discord
There are several ways to get scammed or phished on Discord. One of the automated ways: you will get a message from a stranger or from a friend (who has been compromised), and they will send you a link to free Nitro, a free game, or something of the sort.
If it's a stranger, block them immediately. If it's a friend, make sure you check to see if it's really them, and consider the context of your previous conversation. They will want you to check out a game, and the link doesn't show a preview most of the time. Real people can be behind these accounts, so they will reply to you. Make note of their grammar and punctuation; is it different from your friend's? Then block and notify your friend through a different communication method. Also be wary of images they may send you that do not load; this is a new form of scamming where they send a malicious link through an image that won't load correctly. If you click on the image to get it to load, you may be clicking a malicious link instead.
- Do not click on any links sent by strangers
- Be wary of links to free Nitro or a free game sent by a friend
- If you're being sent an image and Discord says it's loading but it never does, DON'T CLICK ON IT
Two-factor authentication
This one everyone should do. Do it now. Turn on two-factor authentication. The chances of your account being compromised will be severely reduced. Yes, you will need the app on your phone, but you can rest assured that even if a scammer manages to get your password, they still cannot enter your account, and you can quickly change passwords and retain control over your Discord account.
Beware the in-person scams
The bot ones are obvious. "Free nitro!! Click here!" which they spam to everyone, and in every community. But the not so obvious ones... the ones people are actually falling for, are real-person scams.
How does it work? They will talk to you with an account they created recently, or one taken from another compromised account, and approach you with something urgent. It is always something urgent, something you want to immediately take action on, which makes you scared and likely to believe them. They will try to tell you that your account on Steam is going to get (wrongfully) banned, because they reported you by accident. To make sure you don't get banned, they give you the Discord tag of a fake Steam moderator, so that you can 'ask' to not get banned. Handing you over to another account makes it seem more real, BUT STEAM MODERATORS DO NOT COMMUNICATE OVER DISCORD.
They will continue to pressure you that you must take action immediately, or your account will be locked out within 24 hours (or even sooner). They make up some weird excuse that they need to log into your account, so they need your password and e-mail. If you say anything about being wary or unsure, they will pressure you even more, trying to scare you into giving them the info.
If you mention it's a scam, they will immediately block you and move on to the next victim.
These scams... this is the one people are falling for. They rely on urgency and scaring you. They approach you with important information about an account you have (and they will name the correct Steam account, or Discord, or e-mail, because they can read your Steam ID on your profile if you have it linked), and let you know it's about to be deleted or banned. Obviously you don't want this to happen, so you start chatting with them, asking for help and what to do.
Hook, line, and sinker.
So please beware of any strangers approaching you about a non-Discord account getting banned etc. Never discuss these issues in a Discord chat, when you should be checking the e-mail for said account in the first place. If you haven't received anything, you're good. You're fine. You're not going to get banned. Your account is currently still safe, unless you indulge these scammers and hand out information.
Sometimes, scammers already have your password
Ever seen the news that some big company had their data breached? Congratulations, if you had an account at that company or website, your data has been added to a list that scammers and hackers can download and keep track of. This includes passwords. So even if you have NEVER told someone your password, you can still have it leaked due to data breaches. They link e-mail addresses to passwords, and if you're someone who uses the same password for everything... they're going to try and log into any conceivable website they can think of (using bots) to steal even more data, aiming for PayPal and credit card info. You may notice e-mail notifications from the more respectable websites that someone has logged into your account. If this has happened to you, assume the worst, change ALL your passwords, and honestly - just create a new e-mail. Your current e-mail has been breached.
Want to know if you're on one of those lists? Check out this website and enter in your e-mail, and you'll know whether your data is actually leaked. https://haveibeenpwned.com/
Mine has personally been leaked eight times. Ever made an avatar for Snapchat? Ever bought a ticket through Ticketmaster? Ever used Dropbox? Well, they had their data breached and you are probably on the list.
You might even get e-mails from the scammers, saying something along the lines of "Is this your password? XXXX. I know what you were doing behind your laptop at night... if you don't want this information leaked, give me money." Again, they prey on you, making you scared that they've hacked into your computer/laptop because they already know your password.
Don't be scared. They only read your data from the breached list, and they are trying to get more out of you. Block these e-mails and report them as spam.
CHANGE YOUR PASSWORDS IMMEDIATELY IF THIS HAPPENS TO YOU.
Enable two-factor authentication on any service that provides it. Do not reuse passwords across services; a password manager makes this manageable. Stay calm when someone approaches you with some dire news - news like this never gets told personally. You will receive an official e-mail instead, not a random Discord PM.
Stay safe! Be wary! If you panic, reach out to another friend who may be able to calm you down so you can see you're falling for a scam.
But above all, you're not stupid for believing their lies.
Falling for a scam is nothing to be ashamed of. They prey on your fear, they already mine data on you, and it can happen to literally anyone. It doesn't make you stupid. It just makes them conniving. A YouTuber named Jim Browning hunts down scam agencies in India and is able to hack their computers and save victims from being scammed - but even this man himself got scammed! Just stay vigilant.